OpenSSL cheatsheet
Generate the private key
# Generate the private key with the bit length of 2048
openssl genrsa -out ca.key 2048
Generate the public key
# Generate the public key
openssl rsa -pubout -in ca.key -out ca.pub
# or
openssl rsa -in ca.key -pubout > ca.pem
Certificate Signing Request
# Generate a certificate signing request (CSR)
openssl req -new -key ca.key -subj "/CN=ca.netprepare.com" -out ca.csr
# Example 1
# Generate a CSR with subjectAltName
openssl req -new -key test.key -out test.csr -subj "/CN=test.netprepare.com" -addext "subjectAltName=DNS:altname1.com,DNS:altname2.com"
# Example 2
# Add more info to the CSR and create the key in the same step (-nodes leaves the new private key unencrypted)
openssl req -new -newkey rsa:2048 -nodes -out CSR.csr -keyout privatekey.key -subj "/C=US/ST=New York/L=New York City/O=MyCompany/OU=IT Department/CN=example.com" -addext "subjectAltName=DNS:example.com,DNS:www.example.com,DNS:subdomain.example.com,IP:192.168.1.1,IP:10.0.0.1"
# Example 3
# Create a CSR and a new key, and be prompted interactively for the subject fields
openssl req -new -newkey rsa:2048 -nodes -out CSR.csr -keyout privatekey.key
Signing Certificate Request
# Self-signed certificate
# Sign the CA's CSR with its own key (ca.key) to generate the self-signed CA certificate
openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt
# Not self-signed certificate
# Signing the cert with our CA server
openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -out test.crt -days 365 -CAcreateserial
Read Certificate Info
# Check certificate info
openssl x509 -in ca.crt -text
# Check CSR info (-noout suppresses the encoded request)
openssl req -in test.csr -noout -text
Check that test.crt was issued by CA
# To check that test.crt was issued by CA (meaning signed by CA)
openssl verify -verbose -CAfile ca.crt test.crt
Check private key and the crt public key are a key pair
# Check if the modulus of the certificate and private key match (RSA keys only)
openssl x509 -noout -modulus -in test.crt | openssl md5
openssl rsa -noout -modulus -in test.key | openssl md5
# If the two MD5 digests match, the certificate and the private key are a key pair
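Added example (not from the original post): an end-to-end run of the commands above in a throwaway directory, showing that a subjectAltName requested in the CSR is not copied into the certificate by a plain openssl x509 -req and has to be supplied at signing time with -extfile. The demo-ca and test.example.internal names, the ca.ext and san.ext files and the helper function names are assumptions made for the example.

```shell
# Added example; the CN and SAN values are constructed placeholders.
set -e
SAN="DNS:test.example.internal"

# Throwaway CA plus a server CSR that requests a subjectAltName via -addext.
build_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"   # assumption: mark the CA cert as a CA
    printf 'subjectAltName=%s\n' "$SAN" > "$d/san.ext"
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -key "$d/ca.key" -subj "/CN=demo-ca" -out "$d/ca.csr"
    openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca.key" -days 30 \
        -extfile "$d/ca.ext" -out "$d/ca.crt" 2>/dev/null
    openssl genrsa -out "$d/test.key" 2048 2>/dev/null
    openssl req -new -key "$d/test.key" -subj "/CN=test.example.internal" \
        -addext "subjectAltName=$SAN" -out "$d/test.csr"
}

# Sign test.csr with the CA; extra arguments are passed through to openssl x509.
sign_csr() {
    d=$1; out=$2; shift 2
    openssl x509 -req -in "$d/test.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$out" "$@" 2>/dev/null
}

# True if the certificate carries the expected SAN entry.
has_san() { openssl x509 -in "$1" -noout -text | grep -q "$SAN"; }

# True if the certificate's public key equals the one derived from the private key.
# Unlike the modulus comparison, this also works for non-RSA keys.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Exit status 0 only if the certificate ($2) verifies against the CA ($1).
issued_by_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo() {
    d=$(mktemp -d)
    build_pki "$d"
    sign_csr "$d" "$d/plain.crt"                       # signing command as on the page
    sign_csr "$d" "$d/san.crt" -extfile "$d/san.ext"   # SAN supplied at signing time
    has_san "$d/plain.crt" && echo "plain.crt: SAN present" || echo "plain.crt: SAN missing"
    has_san "$d/san.crt" && echo "san.crt: SAN present" || echo "san.crt: SAN missing"
    issued_by_ca "$d/ca.crt" "$d/san.crt" && key_matches "$d/san.crt" "$d/test.key" \
        && echo "san.crt: issued by the CA and matches test.key"
    rm -rf "$d"
}
demo
```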
Extract the public key
# Extract the public key from the CSR and save it to a file
openssl req -in test.csr -pubkey -noout > test_csr_public.pem
# or (-noout keeps the CSR itself out of the output file)
openssl req -in test.csr -pubkey -noout -out test_csr_public.pem
# Extract the public key from the certificate and save it to a file
# (-noout keeps the certificate itself out of the output file)
openssl x509 -in test.crt -pubkey -noout -out test_crt_pubkey.pem
Encrypt and decrypt
echo "something" > plaintext.txt
# Encrypt with the public key extracted from the certificate above
openssl pkeyutl -encrypt -pubin -inkey test_crt_pubkey.pem -in plaintext.txt -out encrypted.txt
# Decrypt with the private key
openssl pkeyutl -decrypt -inkey test.key -in encrypted.txt -out decrypted.txt
To gain a deeper understanding of the intricate role that certificates play in ensuring the security of your web access, I highly recommend watching the video accessible through the following Link
Furthermore, for a comprehensive demonstration of OpenSSL's functionality and its practical applications, I encourage you to view the video, available at this Link